---
apiVersion: v1
kind: Namespace
metadata:
  name: "{{ cloudcore_namespace }}"
  labels:
    k8s-app: kubeedge

---
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubeedge
    kubeedge: cloudcore
  name: cloudcore
  namespace: "{{ cloudcore_namespace }}"

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: cloudcore
  labels:
    k8s-app: kubeedge
    kubeedge: cloudcore
rules:
  - apiGroups: [""]
    resources: ["nodes", "nodes/status", "configmaps", "pods", "pods/status", "secrets", "endpoints", "services"]
    verbs: ["get", "list", "watch", "create", "update"]
  - apiGroups: [""]
    resources: ["namespaces"]
    verbs: ["get", "create"]
  - apiGroups: [""]
    resources: ["pods/status"]
    verbs: ["patch"]
  - apiGroups: [""]
    resources: ["pods", "configmaps"]
    verbs: ["delete"]
  - apiGroups: ["coordination.k8s.io"]
    resources: ["leases"]
    verbs: ["get", "list", "watch", "create", "update"]
  - apiGroups: ["devices.kubeedge.io"]
    resources: ["devices", "devicemodels", "devices/status", "devicemodels/status"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: ["reliablesyncs.kubeedge.io"]
    resources: ["objectsyncs", "clusterobjectsyncs", "objectsyncs/status", "clusterobjectsyncs/status"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cloudcore
  labels:
    k8s-app: kubeedge
    kubeedge: cloudcore
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cloudcore
subjects:
  - kind: ServiceAccount
    name: cloudcore
    namespace: "{{ cloudcore_namespace }}"

---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  labels:
    controller-tools.k8s.io: "1.0"
  name: devices.devices.kubeedge.io
spec:
  group: devices.kubeedge.io
  names:
    kind: Device
    plural: devices
  scope: Namespaced
  validation:
    openAPIV3Schema:
      properties:
        apiVersion:
          description: 'APIVersion defines the versioned schema of this representation
            of an object. Servers should convert recognized schemas to the latest
            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
          type: string
        kind:
          description: 'Kind is a string value representing the REST resource this
            object represents. Servers may infer this from the endpoint the client
            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
          type: string
        metadata:
          type: object
        spec:
          properties:
            deviceModelRef:
              description: 'Required: DeviceModelRef is reference to the device model
                used as a template to create the device instance.'
              type: object
            nodeSelector:
              description: NodeSelector indicates the binding preferences between
                devices and nodes. Refer to k8s.io/kubernetes/pkg/apis/core NodeSelector
                for more details
              type: object
            protocol:
              description: 'Required: The protocol configuration used to connect to
                the device.'
              properties:
                bluetooth:
                  description: Protocol configuration for bluetooth
                  properties:
                    macAddress:
                      description: Unique identifier assigned to the device.
                      type: string
                  type: object
                modbus:
                  description: Protocol configuration for modbus
                  properties:
                    slaveID:
                      description: Required. 0-255
                      format: int64
                      type: integer
                      minimum: 0
                      maximum: 255
                  required:
                    - slaveID
                  type: object
                opcua:
                  description: Protocol configuration for opc-ua
                  properties:
                    certificate:
                      description: Certificate for access opc server.
                      type: string
                    password:
                      description: Password for access opc server.
                      type: string
                    privateKey:
                      description: PrivateKey for access opc server.
                      type: string
                    securityMode:
                      description: Defaults to "none".
                      type: string
                    securityPolicy:
                      description: Defaults to "none".
                      type: string
                    timeout:
                      description: Timeout seconds for the opc server connection.???
                      format: int64
                      type: integer
                    url:
                      description: 'Required: The URL for opc server endpoint.'
                      type: string
                    userName:
                      description: Username for access opc server.
                      type: string
                  required:
                    - url
                  type: object
                common:
                  description: Common part of protocol configuration
                  properties:
                    com:
                      properties:
                        baudRate:
                          description: Required. BaudRate 115200|57600|38400|19200|9600|4800|2400|1800|1200|600|300|200|150|134|110|75|50
                          format: int64
                          type: integer
                          enum:
                            - 115200
                            - 57600
                            - 38400
                            - 19200
                            - 9600
                            - 4800
                            - 2400
                            - 1800
                            - 1200
                            - 600
                            - 300
                            - 200
                            - 150
                            - 134
                            - 110
                            - 75
                            - 50
                        dataBits:
                          description: Required. Valid values are 8, 7, 6, 5.
                          format: int64
                          type: integer
                          enum:
                            - 8
                            - 7
                            - 6
                            - 5
                        parity:
                          description: Required. Valid options are "none", "even",
                            "odd". Defaults to "none".
                          type: string
                          enum:
                            - none
                            - even
                            - odd
                        serialPort:
                          description: Required.
                          type: string
                        stopBits:
                          description: Required. Bit that stops 1|2
                          format: int64
                          type: integer
                          enum:
                            - 1
                            - 2
                      required:
                        - baudRate
                        - dataBits
                        - parity
                        - serialPort
                        - stopBits
                      type: object
                    tcp:
                      properties:
                        ip:
                          description: Required.
                          type: string
                        port:
                          description: Required.
                          format: int64
                          type: integer
                      required:
                        - ip
                        - port
                      type: object
                    commType:
                      description: Communication type, like tcp client, tcp server or COM
                      type: string
                    reconnTimeout:
                      description: Reconnection timeout
                      type: integer
                    reconnRetryTimes:
                      description: Reconnecting retry times
                      type: integer
                    collectTimeout:
                      description: 'Define timeout of mapper collect from device.'
                      format: int64
                      type: integer
                    collectRetryTimes:
                      description: 'Define retry times of mapper will collect from device.'
                      format: int64
                      type: integer
                    collectType:
                      description: 'Define collect type, sync or async.'
                      type: string
                      enum:
                        - sync
                        - async
                    customizedValues:
                      description: Customized values for provided protocol
                      type: object
                  type: object
                customizedProtocol:
                  description: Protocol configuration for customized Protocol
                  properties:
                    protocolName:
                      description: The name of protocol
                      type: string
                    configData:
                      description: customized config data
                      type: object
                  required:
                    - protocolName
                  type: object
              type: object
            propertyVisitors:
              description: 'Required: List of property visitors which describe how
                to access the device properties. PropertyVisitors must unique by propertyVisitor.propertyName.'
              items:
                properties:
                  bluetooth:
                    description: Bluetooth represents a set of additional visitor
                      config fields of bluetooth protocol.
                    properties:
                      characteristicUUID:
                        description: 'Required: Unique ID of the corresponding operation'
                        type: string
                      dataConverter:
                        description: Responsible for converting the data being read
                          from the bluetooth device into a form that is understandable
                          by the platform
                        properties:
                          endIndex:
                            description: 'Required: Specifies the end index of incoming
                              byte stream to be considered to convert the data the
                              value specified should be inclusive for example if 3
                              is specified it includes the third index'
                            format: int64
                            type: integer
                          orderOfOperations:
                            description: Specifies in what order the operations(which
                              are required to be performed to convert incoming data
                              into understandable form) are performed
                            items:
                              properties:
                                operationType:
                                  description: 'Required: Specifies the operation
                                    to be performed to convert incoming data'
                                  type: string
                                  enum:
                                    - Add
                                    - Subtract
                                    - Multiply
                                    - Divide
                                operationValue:
                                  description: 'Required: Specifies with what value
                                    the operation is to be performed'
                                  format: double
                                  type: number
                              type: object
                            type: array
                          shiftLeft:
                            description: Refers to the number of bits to shift left,
                              if left-shift operation is necessary for conversion
                            format: int64
                            type: integer
                          shiftRight:
                            description: Refers to the number of bits to shift right,
                              if right-shift operation is necessary for conversion
                            format: int64
                            type: integer
                          startIndex:
                            description: 'Required: Specifies the start index of the
                              incoming byte stream to be considered to convert the
                              data. For example: start-index:2, end-index:3 concatenates
                              the value present at second and third index of the incoming
                              byte stream. If we want to reverse the order we can
                              give it as start-index:3, end-index:2'
                            format: int64
                            type: integer
                        required:
                          - endIndex
                          - startIndex
                        type: object
                      dataWrite:
                        description: 'Responsible for converting the data coming from
                          the platform into a form that is understood by the bluetooth
                          device For example: "ON":[1], "OFF":[0]'
                        type: object
                    required:
                      - characteristicUUID
                    type: object
                  modbus:
                    description: Modbus represents a set of additional visitor config
                      fields of modbus protocol.
                    properties:
                      isRegisterSwap:
                        description: Indicates whether the high and low register swapped.
                          Defaults to false.
                        type: boolean
                      isSwap:
                        description: Indicates whether the high and low byte swapped.
                          Defaults to false.
                        type: boolean
                      limit:
                        description: 'Required: Limit number of registers to read/write.'
                        format: int64
                        type: integer
                      offset:
                        description: 'Required: Offset indicates the starting register
                          number to read/write data.'
                        format: int64
                        type: integer
                      register:
                        description: 'Required: Type of register'
                        type: string
                        enum:
                          - CoilRegister
                          - DiscreteInputRegister
                          - InputRegister
                          - HoldingRegister
                      scale:
                        description: The scale to convert raw property data into final
                          units. Defaults to 1.0
                        format: double
                        type: number
                    required:
                      - limit
                      - offset
                      - register
                    type: object
                  opcua:
                    description: Opcua represents a set of additional visitor config
                      fields of opc-ua protocol.
                    properties:
                      browseName:
                        description: The name of opc-ua node
                        type: string
                      nodeID:
                        description: 'Required: The ID of opc-ua node, e.g. "ns=1,i=1005"'
                        type: string
                    required:
                      - nodeID
                    type: object
                  customizedProtocol:
                    description: customized protocol
                    properties:
                      protocolName:
                        description: The name of protocol
                        type: string
                      configData:
                        description: customized config data
                        type: object
                    required:
                      - protocolName
                      - configData
                    type: object
                  propertyName:
                    description: 'Required: The device property name to be accessed.
                      This should refer to one of the device properties defined in
                      the device model.'
                    type: string
                  reportCycle:
                    description: 'Define how frequent mapper will report the value.'
                    format: int64
                    type: integer
                  collectCycle:
                    description: 'Define how frequent mapper will collect from device.'
                    format: int64
                    type: integer
                  customizedValues:
                    description: Customized values for visitor of provided protocols
                    type: object
                required:
                  - propertyName
                type: object
              type: array
            data:
              properties:
                dataTopic:
                  description: 'Topic used by mapper, all data collected from dataProperties
                    should be published to this topic,
                    the default value is $ke/events/device/+/data/update'
                  type: string
                dataProperties:
                  description: A list of data properties, which are not required to be processed by edgecore
                  items:
                    properties:
                      propertyName:
                        description: 'Required: The property name for which the desired/reported
                          values are specified. This property should be present in the
                          device model.'
                        type: string
                      metadata:
                        description: Additional metadata like filter policy, should be k-v format
                        type: object
                    required:
                      - propertyName
                    type: object
                  type: array
              type: object
          required:
            - deviceModelRef
            - nodeSelector
          type: object
        status:
          properties:
            twins:
              description: A list of device twins containing desired/reported desired/reported
                values of twin properties. A passive device won't have twin properties
                and this list could be empty.
              items:
                properties:
                  desired:
                    description: 'Required: the desired property value.'
                    properties:
                      metadata:
                        description: Additional metadata like timestamp when the value
                          was reported etc.
                        type: object
                      value:
                        description: 'Required: The value for this property.'
                        type: string
                    required:
                      - value
                    type: object
                  propertyName:
                    description: 'Required: The property name for which the desired/reported
                      values are specified. This property should be present in the
                      device model.'
                    type: string
                  reported:
                    description: 'Required: the reported property value.'
                    properties:
                      metadata:
                        description: Additional metadata like timestamp when the value
                          was reported etc.
                        type: object
                      value:
                        description: 'Required: The value for this property.'
                        type: string
                    required:
                      - value
                    type: object
                required:
                  - propertyName
                type: object
              type: array
          type: object
  version: "{{ cloudcore_devive_version }}"
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: devicemodels.devices.kubeedge.io
spec:
  group: devices.kubeedge.io
  names:
    kind: DeviceModel
    plural: devicemodels
  scope: Namespaced
  validation:
    openAPIV3Schema:
      properties:
        apiVersion:
          description: 'APIVersion defines the versioned schema of this representation
            of an object. Servers should convert recognized schemas to the latest
            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
          type: string
        kind:
          description: 'Kind is a string value representing the REST resource this
            object represents. Servers may infer this from the endpoint the client
            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
          type: string
        metadata:
          type: object
        spec:
          properties:
            properties:
              description: 'Required: List of device properties.'
              items:
                properties:
                  description:
                    description: The device property description.
                    type: string
                  name:
                    description: 'Required: The device property name.'
                    type: string
                  type:
                    description: 'Required: PropertyType represents the type and data
                      validation of the property.'
                    properties:
                      int:
                        properties:
                          accessMode:
                            description: 'Required: Access mode of property, ReadWrite
                              or ReadOnly.'
                            type: string
                            enum:
                              - ReadOnly
                              - ReadWrite
                          defaultValue:
                            format: int64
                            type: integer
                          maximum:
                            format: int64
                            type: integer
                          minimum:
                            format: int64
                            type: integer
                          unit:
                            description: The unit of the property
                            type: string
                        required:
                          - accessMode
                        type: object
                      string:
                        properties:
                          accessMode:
                            description: 'Required: Access mode of property, ReadWrite
                              or ReadOnly.'
                            type: string
                            enum:
                              - ReadOnly
                              - ReadWrite
                          defaultValue:
                            type: string
                        required:
                          - accessMode
                        type: object
                      double:
                        properties:
                          accessMode:
                            description: 'Required: Access mode of property, ReadWrite
                              or ReadOnly.'
                            type: string
                            enum:
                              - ReadOnly
                              - ReadWrite
                          defaultValue:
                            format: double
                            type: number
                          maximum:
                            format: double
                            type: number
                          minimum:
                            format: double
                            type: number
                          unit:
                            description: The unit of the property
                            type: string
                        required:
                          - accessMode
                        type: object
                      float:
                        properties:
                          accessMode:
                            description: 'Required: Access mode of property, ReadWrite
                              or ReadOnly.'
                            type: string
                            enum:
                              - ReadOnly
                              - ReadWrite
                          defaultValue:
                            format: float
                            type: number
                          maximum:
                            format: float
                            type: number
                          minimum:
                            format: float
                            type: number
                          unit:
                            description: The unit of the property
                            type: string
                        required:
                          - accessMode
                        type: object
                      boolean:
                        properties:
                          accessMode:
                            description: 'Required: Access mode of property, ReadWrite
                              or ReadOnly.'
                            type: string
                            enum:
                              - ReadOnly
                              - ReadWrite
                          defaultValue:
                            type: boolean
                        required:
                          - accessMode
                        type: object
                      bytes:
                        properties:
                          accessMode:
                            description: 'Required: Access mode of property, ReadWrite
                              or ReadOnly.'
                            type: string
                            enum:
                              - ReadOnly
                              - ReadWrite
                        required:
                          - accessMode
                        type: object
                    type: object
                required:
                  - name
                  - type
                type: object
              type: array
          type: object
  version: "{{ cloudcore_devicemodel_version }}"

---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  labels:
    controller-tools.k8s.io: "1.0"
  name: clusterobjectsyncs.reliablesyncs.kubeedge.io
spec:
  group: reliablesyncs.kubeedge.io
  names:
    kind: ClusterObjectSync
    plural: clusterobjectsyncs
  scope: Cluster
  subresources:
    status: {}
  validation:
    openAPIV3Schema:
      properties:
        apiVersion:
          description: 'APIVersion defines the versioned schema of this representation
            of an object. Servers should convert recognized schemas to the latest
            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
          type: string
        kind:
          description: 'Kind is a string value representing the REST resource this
            object represents. Servers may infer this from the endpoint the client
            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
          type: string
        metadata:
          type: object
        spec:
          properties:
            objectType:
              description: NodeSelector indicates the binding preferences between
                devices and nodes. Refer to k8s.io/kubernetes/pkg/apis/core NodeSelector
                for more details
              type: string
            objectName:
              description: 'Required: The protocol configuration used to connect to
                the device.'
              type: string
        status:
          properties:
            objectResourceVersion:
              description: 'Required: DeviceModelRef is reference to the device model
                            used as a template to create the device instance.'
              type: string
  version: v1alpha1

---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  labels:
    controller-tools.k8s.io: "1.0"
  name: objectsyncs.reliablesyncs.kubeedge.io
spec:
  group: reliablesyncs.kubeedge.io
  names:
    kind: ObjectSync
    plural: objectsyncs
  scope: Namespaced
  subresources:
    status: {}
  validation:
    openAPIV3Schema:
      properties:
        apiVersion:
          description: 'APIVersion defines the versioned schema of this representation
            of an object. Servers should convert recognized schemas to the latest
            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
          type: string
        kind:
          description: 'Kind is a string value representing the REST resource this
            object represents. Servers may infer this from the endpoint the client
            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
          type: string
        metadata:
          type: object
        spec:
          properties:
            objectType:
              description: NodeSelector indicates the binding preferences between
                devices and nodes. Refer to k8s.io/kubernetes/pkg/apis/core NodeSelector
                for more details
              type: string
            objectName:
              description: 'Required: The protocol configuration used to connect to
                the device.'
              type: string
        status:
          properties:
            objectResourceVersion:
              description: 'Required: DeviceModelRef is reference to the device model
                           used as a template to create the device instance.'
              type: string
  version: v1alpha1

---
apiVersion: v1
kind: Secret
metadata:
  name: certs
  namespace: "{{ cloudcore_namespace }}"
type: Opaque
data:
  streamCA.crt: "{{ lookup('file', '/etc/kubeedge/ca/streamCA.crt') | b64encode }}"
  stream.crt: "{{ lookup('file', '/etc/kubeedge/certs/stream.crt') | b64encode }}"
  stream.key: "{{ lookup('file', '/etc/kubeedge/certs/stream.key') | b64encode }}"

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: cloudcore
  namespace: "{{ cloudcore_namespace }}"
  labels:
    k8s-app: kubeedge
    kubeedge: cloudcore
data:
  cloudcore.yaml: |
    apiVersion: cloudcore.config.kubeedge.io/v1alpha1
    kind: CloudCore
    kubeAPIConfig:
      burst: 200
      contentType: application/vnd.kubernetes.protobuf
      kubeConfig: ""
      master: ""
      qps: 100
    leaderelection:
      LeaderElect: {{ cloudcore_LeaderElect }}
      LeaseDuration: 15s
      RenewDeadline: 10s
      ResourceLock: endpointsleases
      ResourceName: cloudcorelease
      ResourceNamespace: kubeedge
      RetryPeriod: 2s
    modules:
      cloudHub:
        advertiseAddress: {{ cloudcore_advertiseAddress }}
        dnsNames:
        - ""
        edgeCertSigningDuration: 365
        enable: true
        https:
          address: 0.0.0.0
          enable: true
          port: 10002
        keepaliveInterval: 30
        nodeLimit: {{ cloudcore_nodeLimit }}
        quic:
          address: 0.0.0.0
          maxIncomingStreams: 10000
          port: 10001
        tlsCAFile: /etc/kubeedge/ca/rootCA.crt
        tlsCAKeyFile: /etc/kubeedge/ca/rootCA.key
        tlsCertFile: /etc/kubeedge/certs/server.crt
        tlsPrivateKeyFile: /etc/kubeedge/certs/server.key
        unixsocket:
          address: unix:///var/lib/kubeedge/kubeedge.sock
          enable: true
        websocket:
          address: 0.0.0.0
          enable: true
          port: 10000
        writeTimeout: 30
      cloudStream:
        enable: true
        streamPort: 10003
        tlsStreamCAFile: /etc/kubeedge/ca/streamCA.crt
        tlsStreamCertFile: /etc/kubeedge/certs/stream.crt
        tlsStreamPrivateKeyFile: /etc/kubeedge/certs/stream.key
        tlsTunnelCAFile: /etc/kubeedge/ca/rootCA.crt
        tlsTunnelCertFile: /etc/kubeedge/certs/server.crt
        tlsTunnelPrivateKeyFile: /etc/kubeedge/certs/server.key
        tunnelPort: 10004
      deviceController:
        buffer:
          deviceEvent: 1
          deviceModelEvent: 1
          updateDeviceStatus: 1024
        context:
          receiveModule: devicecontroller
          responseModule: cloudhub
          sendModule: cloudhub
        enable: true
        load:
          updateDeviceStatusWorkers: 1
      edgeController:
        buffer:
          configMapEvent: 1
          deletePod: 1024
          endpointsEvent: 1
          podEvent: 1
          queryConfigMap: 1024
          queryEndpoints: 1024
          queryNode: 1024
          queryPersistentVolume: 1024
          queryPersistentVolumeClaim: 1024
          querySecret: 1024
          queryService: 1024
          queryVolumeAttachment: 1024
          secretEvent: 1
          serviceEvent: 1
          updateNode: 1024
          updateNodeStatus: 1024
          updatePodStatus: 1024
        context:
          receiveModule: edgecontroller
          responseModule: cloudhub
          sendModule: cloudhub
        enable: true
        load:
          deletePodWorkers: 4
          queryConfigMapWorkers: 4
          queryEndpointsWorkers: 4
          queryNodeWorkers: 4
          queryPersistentVolumeClaimWorkers: 4
          queryPersistentVolumeWorkers: 4
          querySecretWorkers: 4
          queryServiceWorkers: 4
          queryVolumeAttachmentWorkers: 4
          updateNodeStatusWorkers: 1
          updateNodeWorkers: 4
          updatePodStatusWorkers: 1
        nodeUpdateFrequency: 10
      syncController:
        enable: true


---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    k8s-app: kubeedge
    kubeedge: cloudcore
  name: cloudcore
  namespace: "{{ cloudcore_namespace }}"
spec:
  replicas: {{ cloudcore_replicas }}
  selector:
    matchLabels:
      k8s-app: kubeedge
      kubeedge: cloudcore
  template:
    metadata:
      labels:
        k8s-app: kubeedge
        kubeedge: cloudcore
    spec:
{% if cloudcore_replicas != "1" %}
      readinessGates:
        - conditionType: "kubeedge.io/CloudCoreIsLeader"
{% endif %}
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: node-role.kubernetes.io/master
                    operator: Exists
      containers:
        - name: cloudcore
          image: "{{ cloudcore_image }}"
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 10000
              name: cloudhub
              protocol: TCP
            - containerPort: 10002
              name: certandreadyz
              protocol: TCP
          resources:
            limits:
              cpu: 200m
              memory: 1Gi
            requests:
              cpu: 100m
              memory: 512Mi
          volumeMounts:
            - name: conf
              mountPath: /etc/kubeedge/config
            - name: certs
              mountPath: /etc/kubeedge
          env:
            - name: CLOUDCORE_POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: CLOUDCORE_POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
      restartPolicy: Always
      serviceAccount: cloudcore
      serviceAccountName: cloudcore
      volumes:
      - name: conf
        configMap:
          name: cloudcore
      - name: certs
        secret:
          secretName: certs
          items:
          - key: streamCA.crt
            path: ca/streamCA.crt
          - key: stream.crt
            path: certs/stream.crt
          - key: stream.key
            path: certs/stream.key

---
apiVersion: v1
kind: Service
metadata:
  name: cloudcore
  namespace: "{{ cloudcore_namespace }}"
  labels:
    k8s-app: kubeedge
    kubeedge: cloudcore
spec:
  sessionAffinity: ClientIP
  ports:
  - port: 10000
    name: cloudhub
    nodePort: {{ cloudcore_cloudhub_nodePort }}
  - port: 10002
    nodePort: {{ cloudcore_certandreadyz_nodePort }}
    name: certandreadyz
  - port: 10003
    nodePort: {{ cloudcore_cloudstream_streamPort_nodePort }}
    name: streamport
  - port: 10004
    nodePort: {{ cloudcore_cloudstream_tunnelPort_nodePort }}
    name: tunnelport
  selector:
    k8s-app: kubeedge
    kubeedge: cloudcore
  type: NodePort
